nanog mailing list archives

Re: Mac OS X 10.7, still no DHCPv6

From: Ray Soucy <rps () maine edu>
Date: Sun, 27 Feb 2011 17:42:19 -0500

You can write script to poll routers for IPv6 neighbors, and store
those in a database.  That will get you the IPv6 to MAC association.
Then poll L2 devices for MAC address tables for the MAC to port
association.

We've had such a system in place for a few years now to map addresses
to ports, etc., it also checks for rogue RA.  It's messy (and I don't
like the extra load it causes on routers).

If we had things like DHCPv6 snooping, RA guard (which you can
implement with PACLs), and IPv6 source verification we wouldn't need
it.

Thankfully most of these are all in the pipeline.

On Sun, Feb 27, 2011 at 5:32 PM, Karl Auer <kauer () biplane com au> wrote:

On Sun, 2011-02-27 at 14:47 +0000, Leigh Porter wrote:

Does anybody have anything neat to keep logs of what host gets what
ipv6 address in an SLAAC environment?


How do you define "what host"? If it's by MAC address (and you are not
using temporary, cryptographic or random addresses), then the MAC is in
the address the host ends up using.

Also, as someone else said, hosts don't "get" addresses via SLAAC - they
generate them. That means that while you may be able to predict what
they *will* use, you would need to snoop NDP to find out what they *are*
using, and even more so for temporary, cryptographic and random
addresses.

I have no experience of anything that actually does this, but it would
be fairly simple to do. NDP will end up snooped in routers and switches
for lots of reasons, so expect to see such features in real kit pretty
soon. Make sure you let your vendor know what you want/need...

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer () biplane com au)                   +61-2-64957160 (h)
http://www.biplane.com.au/kauer/                   +61-428-957160 (mob)

GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156




-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/

Current thread:

Re: Mac OS X 10.7, still no DHCPv6, (continued)
- - - Re: Mac OS X 10.7, still no DHCPv6 Joel Jaeggli (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Mark Andrews (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Leo Bicknell (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Mark Andrews (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Karl Auer (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Leo Bicknell (Feb 28)
    - Re: Mac OS X 10.7, still no DHCPv6 Dobbins, Roland (Feb 28)
    - Re: Mac OS X 10.7, still no DHCPv6 Karl Auer (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Mark Andrews (Feb 28)
    - Re: Mac OS X 10.7, still no DHCPv6 Karl Auer (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Ray Soucy (Feb 27)
    - RE: Mac OS X 10.7, still no DHCPv6 George Bonser (Feb 27)
  - Re: Mac OS X 10.7, still no DHCPv6 Patrick Giagnocavo (Feb 27)
- Re: Mac OS X 10.7, still no DHCPv6 Joel Jaeggli (Feb 26)
  - Re: Mac OS X 10.7, still no DHCPv6 Phil Regnauld (Feb 26)
    - Re: Mac OS X 10.7, still no DHCPv6 Patrick W. Gilmore (Feb 26)
    - Re: Mac OS X 10.7, still no DHCPv6 Doug Barton (Feb 26)
  - Re: Mac OS X 10.7, still no DHCPv6 Randy Bush (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Randy Bush (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Owen DeLong (Feb 27)
    - Re: Mac OS X 10.7, still no DHCPv6 Tore Anderson (Feb 27)

(Thread continues...)